<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="(Optional) Step 3: Enabling Backup Link Encryption">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="en-us_topic_0000001839269497.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="30-OceanProtect Appliance 1.5.0-1.6.0 Help Center">
<meta name="DC.Publisher" content="20240608">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="EN-US_TOPIC_0000001839189545">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>(Optional) Step 3: Enabling Backup Link Encryption</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="EN-US_TOPIC_0000001839189545"></a><a name="EN-US_TOPIC_0000001839189545"></a>

<h1 class="topictitle1">(Optional) Step 3: Enabling Backup Link Encryption</h1>
<div><p>Enable the backup link encryption to use it.</p>
<div class="section"><h4 class="sectiontitle">Prerequisites</h4><p>Ensure that the NFS Kerberos service has been configured for the storage system. Otherwise, backup jobs may fail after backup link encryption is enabled. For details about how to configure the NFS Kerberos service, see "(Optional) Configuring the NFS Kerberos Service" in the . Add two users to the AD domain: one with the username <strong>rdadmin</strong> and the other with the username used for <a href="en-us_topic_0000001839269465.html">Resource Registration</a>. If the user already exists in the AD domain, you do not need to add it.</p>
</div>
<div class="section"><h4 class="sectiontitle">Precautions</h4><p id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_p1854315715349">After backup link encryption is enabled, the ticket between the agent host and the KDC domain server has a validity period. If the ticket expires, backup jobs may fail. You are advised to prolong the validity period of the ticket in the Kerberos policy on the KDC domain server or configure the ticket to never expire. If the permanent validity period is not configured, you must run the <strong id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_b1364583712529">kinit</strong> command on the agent host to re-obtain tickets for users added to the AD domain before the tickets are about to expire. For details, see "Configuring the Client" in the <i><cite id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_cite832034004214">OceanProtect <span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_en-us_topic_0000001792502994_ph3400123014611">Appliance 1.5.0-1.6.0</span> Installation Guide</cite></i>.</p>
</div>
<div class="section"><h4 class="sectiontitle">Creating a Local UNIX Authentication User Group</h4><p id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_p11559638142518">Before enabling backup link encryption, if the current environment is not added to any domain environment, you need to add the user group to the local authentication user group. </p>
<ol id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_ol684034018017"><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001149078659_li319522912350"><span>Log in to DeviceManager.</span><p><ol type="a" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001149078659_ol8463855369"><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001607531760_en-us_topic_0000001311295305_en-us_topic_0000001149078659_li929117916361">Choose <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_en-us_topic_0000001311295305_en-us_topic_0000001149078659_uicontrol1098185683619"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text157651936143415"><strong>System</strong></span> &gt; <span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text49601653123416"><strong>Infrastructure</strong></span> &gt; <span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text112401684352"><strong>Cluster Management</strong></span></b></span>.</li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li19932939164117">In the <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_uicontrol1050641575312"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text133861121163513"><strong>Local Cluster Nodes</strong></span></b></span> area of the <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_uicontrol13691645105219"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text1763193125313"><strong>Backup Cluster</strong></span></b></span> tab page, click the node name.</li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li1115217015589">In the <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_uicontrol1144724616332"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text51761646203516"><strong>Node detail</strong></span></b></span> dialog box that is displayed, click <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_uicontrol1544714611335"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_en-us_topic_0000001839143213_text1624910583612"><strong>Open the device management platform</strong></span></b></span> to go to DeviceManager.</li></ol>
</p></li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li87291991624"><span>Choose <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_uicontrol09121440438"><b>Services &gt; File Service &gt; Authentication Users</b></span>.</span></li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li137641547137"><span>On the <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_uicontrol10526163318410"><b>UNIX Users</b></span> tab page, select <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_uicontrol8401937547"><b>Local Authentication User Groups</b></span>.</span></li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li070411388420"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_uicontrol3384134513413"><b>Create</b></span>.</span></li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li1015310410148"><span>Configure local UNIX authentication user group parameters.</span><p><ul id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_ul3309181391516"><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li133091313161519"><strong id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_b197227248317">Name</strong>: Group to which the user belongs, which is set during database installation.</li><li id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_li1568371512156"><strong id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_b644062773114">ID</strong>: Run the <strong id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839268269_b1080133812316">cat /etc/group</strong> command to view the ID of the group to which the user belongs.</li></ul>
</p></li></ol>
</div>
<div class="section"><h4 class="sectiontitle">Enabling Backup Link Encryption</h4><ol><li><span>Choose <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_en-us_topic_0000001102065552_en-us_topic_0000001085869992_en-us_topic_0000001092505479_uicontrol123381932135316"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_en-us_topic_0000001102065552_en-us_topic_0000001085869992_en-us_topic_0000001092505479_text113848306235"><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_en-us_topic_0000001102065552_text8949174614917"><strong>System</strong></span></span> &gt; <span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_en-us_topic_0000001102065552_en-us_topic_0000001085869992_text484521122916"><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_en-us_topic_0000001102065552_text2943115917492"><strong>Security</strong></span></span> &gt; <span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_text6472734351"><strong>Data Security</strong></span></b></span>.</span></li><li><span>In the <strong id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_b538931191418">Encryption Settings</strong> area, click <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_uicontrol851575420436"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_text2172104153514"><strong>Modify</strong></span></b></span> on the right of the page and enable <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_uicontrol13743170204412"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_text451824814419"><strong>Backup Link Encryption</strong></span></b></span>.</span></li><li><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_uicontrol1839019167443"><b><span id="EN-US_TOPIC_0000001839189545__en-us_topic_0000001839143225_text1418318566358"><strong>Save</strong></span></b></span>.</span></li></ol>
</div>
<p></p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000001839269497.html">Backing Up openGauss</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>